1# $OpenBSD: sshd_config,v 1.63 2003/08/13 08:46:31 markus Exp $ 2 3# This is the sshd server system-wide configuration file. See 4# sshd_config(5) for more information. 5 6# The strategy used for options in the default sshd_config shipped with 7# OpenSSH is to specify options with their default value where 8# possible, but leave them commented. Uncommented options change a 9# default value. 10 11#Port 22 12#Protocol 2,1 13#ListenAddress 0.0.0.0 14#ListenAddress :: 15 16# HostKey for protocol version 1 17#HostKey /etc/ssh/ssh_host_key 18# HostKeys for protocol version 2 19#HostKey /etc/ssh/ssh_host_rsa_key 20#HostKey /etc/ssh/ssh_host_dsa_key 21 22# Lifetime and size of ephemeral version 1 server key 23#KeyRegenerationInterval 1h 24#ServerKeyBits 768 25 26# Logging 27#obsoletes QuietMode and FascistLogging 28#SyslogFacility AUTH 29#LogLevel INFO 30 31# Authentication: 32 33#LoginGraceTime 2m 34#PermitRootLogin yes 35#StrictModes yes 36 37#RSAAuthentication yes 38#PubkeyAuthentication yes 39#AuthorizedKeysFile .ssh/authorized_keys 40 41# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 42#RhostsRSAAuthentication no 43# similar for protocol version 2 44#HostbasedAuthentication no 45# Change to yes if you don't trust ~/.ssh/known_hosts for 46# RhostsRSAAuthentication and HostbasedAuthentication 47#IgnoreUserKnownHosts no 48# Don't read the user's ~/.rhosts and ~/.shosts files 49#IgnoreRhosts yes 50 51# To disable tunneled clear text passwords, change to no here! 52#PasswordAuthentication yes 53#PermitEmptyPasswords no 54 55# Change to no to disable s/key passwords 56#ChallengeResponseAuthentication yes 57 58# Kerberos options 59#KerberosAuthentication no 60#KerberosOrLocalPasswd yes 61#KerberosTicketCleanup yes 62#KerberosTgtPassing no 63 64#AllowTcpForwarding yes 65#GatewayPorts no 66#X11Forwarding no 67#X11DisplayOffset 10 68#X11UseLocalhost yes 69#PrintMotd yes 70#PrintLastLog yes 71#KeepAlive yes 72#UseLogin no 73#UsePrivilegeSeparation yes 74#PermitUserEnvironment no 75#Compression yes 76#ClientAliveInterval 0 77#ClientAliveCountMax 3 78#UseDNS yes 79#PidFile /var/run/sshd.pid 80#MaxStartups 10 81 82# no default banner path 83#Banner /some/path 84 85# override default of no subsystems 86Subsystem sftp /usr/libexec/sftp-server 87